The raging pandemic has forced many retailers to re-imagine their businesses, shifting from in-person to contactless interactions through online sales. This new socially distanced reality is colliding with the crush of an upcoming holiday shopping season, creating an unprecedented opportunity for cybercriminals to capitalize.

Magecart is just one of the more potent types of attacks to emerge in recent months. Over one September weekend alone, the group’s card-skimmer malware was launched against 2,000 online retailers, compromising more than 10,000 shoppers.

But experts are warning retailers not to focus only on one threat or on protecting one particular system. Increasingly, attacks are attempting to infiltrate systems from multiple entry points simultaneously, supercharged by bots and automation, and lured by flocks of unsuspecting newbie online shoppers.

In fact, new customer accounts make up 30 percent of current transactions, which is five times higher than pre-COVID, according to Forter’s recent fraud attack index.

With threat levels at historic highs, Threatpost gathered a panel of experts on retail e-commerce security to help sort through the rising threats – and how retailers can defend themselves, their reputations and their customers’ data.

Their prescription isn’t simple. Each suggested a holistic approach which starts with the basics: patching, encouraging strong passwords and strong, fundamental Web Application Firewall (WAF) protection.

Besides that, retailers need to understand their own operations first and foremost, gaining a transparent view into them and getting a firm handle on what “normal” looks like for each organization. It’s that critical baseline that will often trigger the first alert that the site is under attack.

Industry-leading experts Robert Capps, NuData’s vice president of marketplace innovation; Allan Liska, intelligence analyst for Recorded Future; and Matt Wilson, who leads product management for network and application security at Neustar, all joined a live Threatpost Webinar event on Oct. 14 titled, “Retail Security: Magecart and the Rise of e-Commerce Threats.”

They offered an up-to-the-minute look at the retail threat landscape, including the application network layer and the evolving role of automation and bots (which are increasingly able to mimic human behavior to evade detection).

Other topics included loyalty programs, fraudsters who buy online and pick up merchandise in the store, the always-evolving ways cybercriminals can turn an easy buck on unsuspecting retailers, and more.

Check out our experts’ critical insights on how to keep ahead in our video replay, below, followed by a lightly edited transcript of the event.


Transcript

Becky Bracken: Hello, everybody, and welcome to Threatpost’s Live webinar titled, Retail Security and the Rise of E-commerce. I’m Becky Bracken and I will be your host for today’s presentation.

Today, we’ve gathered a world-class panel of security experts who will discuss threats online to retailers, and we’re thrilled to have them join us.

The pandemic, as we all know, has created a bit of a perfect storm for retail security breaches, of all kinds.

It’s drastically accelerated the shift from shopping in a store to making even the most mundane purchases online. And I think pretty much once we were all on eBay, bidding on rolls of toilet paper, all sense flew out the window of us not being able to buy everyday stuff online.

In fact, new customer accounts make up 30 percent of current transactions online, which is five times higher than it was before the pandemic, according to Forter’s recent fraud attack index.

Retailers have also had to cobble together entirely new chains of business, moving away from in-person to contactless transactions like delivery. And there are new models of buy online, pick up in store. But because they’re new, they’re pretty plum pickings for clever criminals trying to find their next hustle.

And now we’re headed into the holiday shopping season, which will add an entirely new level of chaos.
